

Chad Anderson
Research Engineer
DomainTools
Comments Dotted: 18
December 01, 2020
Anyone else involved in the process of government need to be especially vigilant to phishing emails.
Ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay. When sitting on a treasure trove of sensitive personal information, attackers know that the looming threat of exposing it on hacking forums gives them more leverage to instigate a payment. This all comes of course with an increasing number of businesses paying, further incentivizing attackers to use this extra leverage.
Governmental bodies and.....

November 03, 2020
Cybersecurity awareness training and email filtering systems, but also DNS firewalling are among the essentials.
Cybereason's findings are concerning but not surprising: wherever there is valuable information, there will also be an attempt on the part of threat actors to get their hands on it for financial gain, or to leverage for further campaigns of cybercrime.
However, it is worth remembering that despite how effective this spyware might be at covering its tracks, it relies on the same entry vectors as most of the cyber threats currently populating the landscape. Emails remain cybercriminals' avenue of.....

October 30, 2020
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions.
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions. BEC fraud is an attack vector on the up. Cybercriminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business, such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such as a message from the CEO or a.....

October 29, 2020
Security training to keep employees from opening a malicious document in a phishing email is a good start.
This attack is yet another confirmation that defenders need to be right all the time, whereas cybercriminals need to be right only once. Enel was able to stop the spreading of the Snake ransomware back in June, which means that their security controls were probably strong and their response plan well-rehearsed. Unfortunately, this wasn't enough to stop the Netwalker ransomware gang, who appears to be intentioned to leak stolen data if the energy provider won't agree to pay the ransom......

October 15, 2020
Security works best when it focuses on prevention, rather than reaction.
This resurgence in phishing emails around the start of term further shows how well cybercriminals study their targets and plan their campaigns according to the world around them, utilising social engineering techniques that increase their chance of success.
These universities don't need reminding that cybersecurity awareness programmes need to run regularly to minimise the risk of these attacks being successful. The data hosted on university servers automatically makes them one of the most.....

October 13, 2020
The increasing complexity of these attacks further reinforces the case for prevention.
Paying the ransom should always be organisations' last resort. It is unfortunate that Tyler Technologies found themselves in that position and isn't necessarily a reflection on the security precautions they had in place prior to falling victim to this attack.
Recently, in fact, cybercriminals have learnt to make up to date, secure backups useless by exfiltrating data as part of their ransomware attack. The victim is then threatened with the public release of such data and is forced to pay a.....

October 07, 2020
Organisations are advised to audit their security posture and ideally change their employees' credentials.
All but encouraging, the figures reported by Arctic Wolf’s Security Operations Annual Report confirm what security teams have observed since the start of the pandemic. Challenges have changed in nature and increased in number as cybercriminals – as per usual – exploited a global crisis to ramp up their efforts. Phishing attempts, especially, are a threat that tends to increase around significant geopolitical events as threat actors try to leverage people’s fears and desire for.....

October 05, 2020
The UK's HMRC has always been one of cybercriminals' favourite organisations to impersonate.
The UK's HMRC has always been one of cybercriminals' favourite organisations to impersonate. After all, what better way to create a sense of urgency or a desire to engage with the email in a potential victim than to pretend to be a tax collection agency, either threatening action or offering a rebate? The other reason why HMRC is so convenient for threat actors to impersonate is the wealth of information that people necessarily and readily share with this entity.
It is then unsurprising that.....

September 14, 2020
Organisations should look into mandating that IT teams follow industry-standard best practices.
This ransomware attack confirms a trend we have seen emerge recently, which is ransomware doubling up as a data breach. Rather than simply encrypting files, attackers have realised that they can increase their profits and the havoc caused by exfiltrating data first. High profile targets such as courts and government are a ripe target for this type of attack, as the information their databases host is particularly sensitive and therefore valuable to be sold on the dark web. Assuming the US Court .....

September 10, 2020
Breaches happen and defensive work is by its very nature a largely reactive job.
The reason for constant defender negativity lies in the maxim that every blue teamer is aware of: we have to be right every time while the attackers only need to be right once. Breaches happen and defensive work is by its very nature a largely reactive job. That cynicism is what happens after years of responding to something as unavoidable as gravity.
Defenders worry most about insider threats because so many companies build this hard outer layer then have complete trust for employees inside......
